Guidelines

October is Cyber Security Awareness Month!

This year is the 11th anniversary of National Cyber Security Awareness Month, a collaborative effort created between government and industry to guarantee everyone has the resources needed to stay safe online.

The online world has become a very important part of our everyday life. We work, learn, plan and play online all through the day and the actions that we take, whether we are connected to the Internet or not, often impact the whole online community. The campaign refers to Cybersecurity as “the mechanism that maximized our ability to grow commerce, communications, community and content in a connected world.”

The Internet is a resource that we all share. Everyone has the responsibility of securing the networks they use, as well as their portion of the cyberspace; it is also a shared responsibility to take actions to ensure cyber security and to promote these actions. If we each make an effort to guarantee the safety of the Internet, it will have a positive impact for everyone.

This October, the RIT Information Security Office encourages you to review your online safety practices, take precautions and spread the word! Help others understand the consequences of their actions and behaviors online, so that they too can enjoy the Internet safely. Cyber security is a matter that affects everyone. Do your part to make cyberspace safer!

This year, RIT is again a proud champion of NCSAM, and as a part of our shared responsibility to promote online safety for everyone, we share with you the 2014 National Cyber Security Awareness Campaign STOP.THINK.CONNECT, which is dedicated to promoting cybersecurity practices for everyone.

Practice digital self-defense: protect yourself and everyone else by following these simple tips:

Keep a Clean Machine.

Keep security software current: Having the latest security software, web browser, and operating system is the best defense against viruses, malware, and other online threats.

Automate software updates: Many software programs will automatically connect and update to defend against known risks. Turn on automatic updates if that option is available.

Protect all devices that connect to the Internet: Smart phones, gaming systems, and other web‐enabled devices also need protection from viruses and malware.

Plug & scan: USB sticks and other external devices can be infected by viruses and malware. Use your security software to scan them.

Protect Your Personal Information.

Secure your accounts: Ask for protection beyond passwords. Many account providers now offer two-factor authentication, an additional way for you to verify who you are before you conduct business on that site.

Use a passphrase: Create a passphrase by choosing a short phrase, changing the capitalization of some of the letters, replacing some with numerical and symbolic substitutions and purposefully misspelling or abbreviating some words. For more information on how to create a secure password, go to Creating Strong Passwords.

Write it down and keep it safe: Everyone can forget a password. Use a password safe such as LastPass to store your passwords.

Own your online presence: When available, set the privacy and security settings on social media to your comfort level for information sharing. It’s ok to limit how and with whom you share information.

Connect with Care.

When in doubt, throw it out: Links in email, tweets, posts, and online advertising are often the way cybercriminals compromise your computer. If it looks suspicious, even if you know the source, it’s best to delete it or, if appropriate, mark it as junk email.

Get savvy about Wi‐Fi hotspots: Limit the type of business you conduct and adjust the security settings on your device to limit who can access your machine.

Protect your $$: When banking and shopping, check to be sure the site is security enabled. Look for web addresses with “https://” or “shttp://”, which means the site takes extra measures to help secure your information. “Http://” is not secure.

Be Web Wise.

Stay current: Keep pace with new ways to stay safe online. Check trusted websites for the latest information, share it with friends, family, and colleagues, and encourage them to be web wise.

Think before you act: Be wary of communications that urge you to act immediately, offer something that sounds too good to be true, or ask for personal information.

Back it up: Protect your valuable work, music, photos, and other digital information by making a digital copy and storing it safely.

Be a Good Online Citizen.

Safer for me means more secure for all: What you do online has the potential to affect everyone – at home, at work and around the world. Practicing good online habits benefits the global digital community.

Posters

In the last EDUCAUSE Poster and Video contest, RIT student and Information Security Office employee Karyn Lewis won several monetary awards for her posters. We'll provide information on the next contest as it's available.

2011 Gold Winner, Training Video: "The Right Kind of Bait"

2009 Gold Winner, Training Video: "Cyber Security Awareness"

Cloud Computing Best Practices

We've provided some general information below about cloud computing. At RIT, information handling requirements (including the use of non-RIT servers for storage) are articulated in the Information Access and Protection Standard. Refer to the standard for more information about storage restrictions based on information classification.

There are certainly some benefits to cloud computing, but the practice of saving content on the Internet is facing more scrutiny than ever. While there is no silver bullet solution to securing your cloud service, understanding how you can protect yourself is the best way to keep your information private.

Keep up to date with the latest cloud security developments. Because cloud computing is constantly evolving and adapting to new security threats, you need to upgrade your security as often as possible. As this article states, “hackers target vulnerable operating systems that don't have properly applied patches.”

Add file caching capability to your computer. Consider local caching of your files on your computer as a backup for your cloud service. Cloud computing is perfect for sharing team files, but the network can go down and bring project progress to a standstill. Having your files to work off of, even if they aren’t perfectly synced, is an essential backup if you want to continue working. This is also convenient if you encounter a security breach, because it allows you to find any changes or deletions in your files.

Don’t just rely on cloud computing. If it’s not maintained by you, there is never a guarantee that your information will be there. When Megaupload was taken down by the FBI, many users found that they lost all of their own data as part of that effort to stop the distribution of copyrighted materials. Cloud Service Providers (CSPs) sometimes recommend that you store your data with several cloud services, which is more costly due to subscription costs and is less effective than hosting your own backup system. Most CSPs save your information in one place, so you would be buying multiple services that depend upon a single source.

Know which programs or services you use that are supported by cloud service providers. This allows you to keep better track of what information you could potentially lose or have stolen in the event of a CSP security breach. This knowledge can be critical to protecting your private information; if you’re not aware of what is available, you may become an unsuspecting victim.

Be aware that your system can easily be transferred to another server in the CSP’s network. Although this is a major advantage of cloud computing, if you deal with sensitive or classified information it is better at this point in cloud service development to work exclusively with more secure in-house systems.

Keep up to date on any infrastructure or policy changes for your CSP. Having a good relationship with your CSP is important, to ensure that you know when they change how they handle and secure your information. Although you may not be able to access security information in the same way you could on an internal system, understanding how your information is saved and monitored could quickly alert you to a problem.

Compare encryption standards between various CSPs. Look for the Advanced Encryption Standard (AES), since it’s the best standard currently available to secure your data. An SAS 70 Type II datacenter is also widely acknowledged as a very secure physical housing of information. Having access to a CSP with both of these will help secure your information a bit better.